Recorded a substitution of the site Linux.org capture DNS

Зафиксирована подмена сайта Linux.org через захват DNS

The administrators of the community Linux.org (not to be confused with Linux.com) reported an incident in which the attackers replaced the contents of the website. The attack was carried out by redirecting traffic to another host via the change of data in the DNS.

According to the administrator of the website, the attackers gained access to the account of the owner of the site Registrar Network Solutions. Apparently, for the domain Linux.org via the Whois service display complete information about the owner and the attacker have used existing databases of breached accounts were able to access a mailbox in Yahoo, using previously fallen into the hands of zloumyshlennikov database with the password hashes. Then using the function to reset a forgotten password, the attacker could change the password for an account, Network Solutions, to which was attached a hacked Inbox in Yahoo. An obstacle could be to use two-factor authentication, but it has not been enabled for additional protection of your account.

The project infrastructure and user base Linux.org not damaged – the attacker did not have access to the servers. The attack was limited only to vandalism and switches to another server in DNS. The attacker had already published a screenshot of the interface Network Solutions, which shows that in addition to linux.org was access to the DNS settings of the sites linuxonline.com, linuxonline.net, linuxonline.org and linuxhq.com that have not been used for any projects.

It is assumed that the cause of the breach was the recent change of leadership linux.org with the replacement of the website, removing the previously placed content and re-registration of user accounts of the forum. First, the attacker has spoofed placed on the website obscene and vulgar text image with a hint of protest adopted by the developers of the Linux kernel code of conduct (Code of Conduct). Then, on the page was posted insults and full personal details (including home address) Coraline Ada Ehmke, a transgender developer and Creator of the initiative Contributor Covenant, on the basis of which was formed the code of the developers of the Linux kernel. The site is redirected for three and a half hours.

According to the materials: www.opennet.ru

Share